CVE-2019-12634 – Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Denial of Service Vulnerability

https://notcve.org/view.php?id=CVE-2019-12634

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a missing authentication check in an API call. An attacker who can send a request to an affected system could cause all currently authenticated users to be logged off. Repeated exploitation could cause the inability to maintain a session in the web-based management portal. Una vulnerabilidad en la interfaz de administración basada en la web del Supervisor del Controlador Integrado de Administración de Cisco (IMC), el Director de Cisco UCS y el Director de Cisco UCS Express para Big Data podría permitir que un atacante remoto no autenticado cause una condición de denegación de servicio (DoS). • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-ucs-imc-dos • CWE-264: Permissions, Privileges, and Access Controls CWE-306: Missing Authentication for Critical Function •